will include key techniques for hardening PSM learned through years of delivering

will include key techniques for hardening PSM learned through years of delivering

production JavaEE code to customers...

production JavaEE code to customers...

−

−

===Neutralizing Peer-to-Peer Botnets===

−

This presentation is a case study on our takedown efforts against state-of-the-art peer-to-peer botnets. Unlike conventional botnets, peer-to-peer botnets are decentralized, and thus cannot be disabled by neutralizing centralized control facilities. Takedowns against peer-to-peer botnets require a highly decentralized approach targeting the infected drones themselves. We describe the technical and ethical challenges we faced in our own takedown attempts.

May 14, 2013

"In this Chapter meeting we will not REST until we have designed an access control mechanism to protect your web services..."

Programme

18:30 - 19:15 Registration & Pizza

19:15 - 20:00

20:00 - 20:15 Break

20:15 - 21:00

21:00 - 21:30 Networking

Presentations

Neutralizing Peer-to-Peer Botnets

By Tiago Teles
This presentation is a case study on our takedown efforts against state-of-the-art peer-to-peer botnets.
Unlike conventional botnets, peer-to-peer botnets are decentralized, and thus cannot be disabled by neutralizing centralized control facilities. Takedowns against peer-to-peer botnets require a highly decentralized approach targeting the infected drones themselves. We describe the technical and ethical challenges we faced in our own takedown attempts.

By Dennis Andriesse
In this talk Tiago Teles takes apart password protection scheme analyzing the attack
resistance of hashes, hmacs, adaptive hashes (such as script), and encryption
schemes. First, we present a threat model for password storage. Then audience
members will learn the construction, performance, and protective properties of these
primitives. Discussion of the primitives will be from a critical perspective modeled as
an iterative secure design session.
Ultimately, this session presents the solution and code donated as part of the on-
going OWASP PSM (password storage module) project. Discussion of this solution
will include key techniques for hardening PSM learned through years of delivering
production JavaEE code to customers...

Speakers

Dennis Andriesse

Dennis Andriesse is a Ph.D. candidate in the System and Network Security Group at VU University Amsterdam. His research focuses on binary code (de)obfuscation and reverse engineering techniques. Next to that, he is also interested in advanced malware, particularly in the resilience of peer-to-peer botnets.

Tiago Teles

Tiago Teles is a Technical Consultant with 7 years of experience in clients across
different sectors and countries, including banking, insurance, telecommunications
and commercial organizations in a variety of roles, Development, Business
Intelligence, Quality Assurance and Delivering Training.